[SATLUG] Possible Email Attacks

Charles Hogan cd_satl at futuretechsolutions.com
Tue Nov 13 13:14:03 CST 2007


There are many different schools of thought on this one.  As long as the 
IP is just trying to relay spam and isn't consuming too much processor 
or bandwidth, I wouldn't worry about it.

Brad Taylor wrote:
>     I am running an Ubuntu 7.04 email server (Postfix+Dovecot+ClamAV) 
> and it looks like someone has been trying to get into the system. I have 
> had several messages like this one:
> 
> Transcript of session follows.
> 
>  Out: 220 hostname.domainname.com ESMTP Postfix (Ubuntu)
>  In:  helo www.MyMainServer.com
>  Out: 250 hostname.domainname.com
>  In:  mail from:<michael78694 at MyMainServer.com>
>  Out: 250 2.1.0 Ok
>  In:  rcpt to:<candy59839 at yahoo.com.tw>
>  Out: 554 5.7.1 <candy59839 at yahoo.com.tw>: Relay access denied
> 
> Session aborted, reason: lost connection
> 
>     It looks like my server is rejecting the connection as it should, 
> but I had a question about blocking this before it gets to the server.
>     I traced the IP back to an Asia-Pacific area according to ARIN. If I 
> put a block on the IP address in IPTABLES would that be a wise decision?
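
Added example, not part of either post: one way to check whether a relaying client is actually consuming resources before deciding on a firewall block is to count "Relay access denied" rejections per client IP in the Postfix log. The log line layout (the usual Postfix smtpd `NOQUEUE: reject` format), the sample lines, the documentation-range IP addresses and the threshold of 3 are assumptions made for this sketch.

```python
import re
from collections import Counter

# Matches the smtpd log line Postfix writes for the 554 reply in the transcript.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>\S+?)\[(?P<ip>[0-9A-Fa-f.:]+)\]: "
    r"554 5\.7\.1 <(?P<rcpt>[^>]*)>: Relay access denied"
)

def _line(minute, host, ip, rcpt):
    """Build one constructed log line (sample data, not from the post)."""
    return (f"Nov 13 12:{minute:02d}:03 hostname postfix/smtpd[4121]: NOQUEUE: "
            f"reject: RCPT from {host}[{ip}]: 554 5.7.1 <{rcpt}>: Relay access "
            f"denied; from=<x@example.com> to=<{rcpt}> proto=SMTP "
            f"helo=<www.example.com>")

SAMPLE_LOG = "\n".join(
    [_line(m, "unknown", "203.0.113.7", f"user{m}@example.net") for m in range(4)]
    + [_line(9, "mail.example.org", "198.51.100.23", "bob@example.net"),
       # Different reject reason: must not be counted as a relay attempt.
       "Nov 13 12:10:00 hostname postfix/smtpd[4122]: NOQUEUE: reject: RCPT "
       "from unknown[203.0.113.7]: 450 4.7.1 <foo>: Helo command rejected: "
       "Host not found; proto=SMTP helo=<foo>",
       "Nov 13 12:11:00 hostname postfix/smtpd[4122]: disconnect from "
       "unknown[203.0.113.7]"]
)

def relay_denials(log_text):
    """Return (Counter of denials per client IP, recipients tried per IP)."""
    counts, rcpts = Counter(), {}
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            counts[m["ip"]] += 1
            rcpts.setdefault(m["ip"], set()).add(m["rcpt"])
    return counts, rcpts

def noisy_clients(log_text, threshold=3):
    """Clients with at least `threshold` denied relay attempts, busiest first."""
    counts, _ = relay_denials(log_text)
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    for ip, n in noisy_clients(SAMPLE_LOG):
        print(f"{ip}\t{n} relay attempts denied")
```

To use it on a real server, pass the contents of the mail log to `noisy_clients` in place of `SAMPLE_LOG`.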

